Abstract: Presented here is a system that manages secured file system, and an authority to the secured file system, by granting access only to a user who is authorized to access the file system. The user within the system is identified using a unique key unique to each user. The user's authority is recorded in a linear sequence distributed among multiple devices each of which independently verifies the validity of each block in the linear sequence. The validity of the linear sequence is guaranteed by preventing certain operations from being performed on the linear sequence, such as branching of the linear sequence, deletion, and modification of the blocks within the linear sequence. Prior to adding a new block to the linear sequence, the validity of the block is independently computed by each of the devices.

Abstract: A method, system and computer-usable medium for mitigating security breaches associated with dissemination of protected data. In certain embodiments, the method includes receiving information communicated to a secured network from a source external to the secured network and determining whether the received information includes protected data. If the received information includes protected data, a determination is made as to whether the receipt of the protected data is anomalous. If the receipt of the protected data is anomalous, one or more sources of egress of the protected data from the secured network are identified. By identifying the sources of egress, actions may be taken to prevent future egress of the protected data.

Abstract: A trusted session is to be established between a smart speaker and a computer server. The computer server may receive an instruction to initiate a trusted session with the smart speaker. The instruction includes an indication of an account linking token for linking a first and second account associated with the smart speaker and the computer server, respectively. The computer server generates a session token and sends it to the smart speaker for acoustic signalling. The acoustic signal is captured by a mobile device and used to reconstruct the session token. The computer server receives the reconstructed session token along with identifying information from the mobile device. The computer server system uses the identifying information to confirm that the mobile device is associated with the second accord. Upon so confirming, the computer server may establish a trusted session between the first smart speaker and the computer server system.

Abstract: A method securely scans a second web page linked to a first web page being displayed by a browser. The method identifies a target link to a second web page from one or more links contained within a first web page. Prior to receiving a user selection of the target link, the method prefetches content from the second web page and loads the prefetched content from the second web page into a safe cache before receiving the user selection of the target link. The method scans the prefetched content from the second web page for a security threat, within the safe cache, wherein the safe cache is configured to prevent the prefetched content from altering a memory location or storage location external to the safe cache. In response to identifying a security threat within the prefetched content, the method displays a warning to the user.

Abstract: This disclosure relates to blockchain-based content verification. In one aspect, a method includes receiving, from a client device of a signer, a target transaction request for triggering presentation of a target electronic document. A smart contract for content verification of the target electronic document is invoked in response to receiving the target transaction request. A content verification program declared in the smart contract is executed. The executing includes reading content of the target electronic document from a blockchain and performing content verification on the target electronic document based on the content of the target electronic document read from the blockchain. A content verification result and the content of the target electronic document is returned to the client device for presentation to the signer.

Abstract: The present disclosure generally relates to visually varying an image using parallax image layers, and more specifically, relates to visually varying presentation of an access right displayed on a mobile device to enhance verification of access to resources. The variation of multiple layers of an image may be based on sensor data detected at the mobile device.

Abstract: Malware scanning for network-attached storage systems is provided herein. A data storage system as described herein can include a memory that stores computer executable components and a processor that executes computer executable components stored in the memory. The computer executable components can include a file identification component that obtains an identifier for a target file stored by the data storage system; a lookup component that searches a scan status data structure for a malware scan result corresponding to the identifier for the target file; and a file access component that grants access to the target file in response to the lookup component obtaining the malware scan result from the scan status data structure and the malware scan result indicating that the target file contains no malware.

Abstract: A security matrix layer between a first and second conductive shorting layers are located within a printed circuit board (PCB). The security matrix layer includes at least two types of microcapsules with each type of microcapsule containing a different reactant. When the security matrix layer is accessed, drilled, or otherwise damaged, the microcapsules rupture and the reactants react to form at least an electrically conductive material. The electrically conductive material may contact and short the first and second conductive shorting layers.

Abstract: This application provides a key configuration method. A session management network element receives a request for end-to-end communication and obtains a security policy, where the security policy is determined based on at least one of: a user security requirement that is of the user equipment and that is preconfigured on a home subscriber server, a service security requirement from the user equipment, a security capability requirement supported by the user equipment, a security capability requirement from a carrier network, and a security requirement of a device on the other end of the end-to-end communication. The session management network element obtains a protection key used for protecting the end-to-end communication. The session management network element sends the security policy to the devices on two ends of the end-to-end communication.

Abstract: Some implementations may provide a machine-assisted method for determining a trustworthiness of a requested transaction, the method including: receiving, from a relying party, a request to determine a trustworthiness of a particular transaction request, the transaction request initially submitted by a user to access data managed by the relying party; based on the transaction request, summarizing the particular transaction request into transactional characteristics, the transactional characteristics devoid of source assets of the transaction, the source assets including credential information of the user, the credential information of the relying party, or information content of the requested transaction; generating first machine readable data encoding transactional characteristics of the underlying transaction as requested, the transactional characteristics unique to the particular transaction request; submitting a first inquiry at a first engine to determine an access eligibility of the user submitting the t

Abstract: A system and method for blockchains with serial proof of work includes a memory storing a blockchain, and a processor coupled to the memory. The processor is configured to receive a miner identifier, receive a block of data for inclusion in a new block of the blockchain, determine an initial nonce based on the miner identifier, hash a combination of the block of data and the initial nonce to create a hashed value, iteratively determine an updated nonce based on the hashed value and update the hashed value by hashing the updated nonce until the updated hashed value satisfies a proof of work criteria, create the new block based on the block of data, the miner identifier, and the updated hashed value that satisfies the proof of work criteria, and share the new block with one or more other computing devices hosting the blockchain.

Abstract: Systems, methods, and non-transitory computer-readable media can identify a post to be published via a social networking system. A privacy schedule for modifying a privacy setting associated with the post can be determined. A trigger to modify the privacy setting associated with the post can be detected. The privacy setting can be modified based on the privacy schedule when the trigger is detected.

Abstract: In various embodiments, a data map generation system is configured to receive a request to generate a privacy-related data map for particular computer code, and, at least partially in response to the request, determine a location of the particular computer code, automatically obtain the particular computer code based on the determined location, and analyze the particular computer code to determine privacy-related attributes of the particular computer code, where the privacy-related attributes indicate types of personal information that the particular computer code collects or accesses. The system may be further configured to generate and display a data map of the privacy-related attributes to a user.

Abstract: Systems, methods, and non-transitory computer readable media are provided for security-aware caching of resources. An offline version of a resource may be prepared for a computing device. The offline version of the resource may include a security parameter. The security parameter may define a security rule to be enforced with respect to offline usage of the resource. The offline version of the resource may be provided for caching by the computing device. The cache of the offline version of the resource may enable the offline usage of the resource by the computing device. The security rule for the offline usage of the resource may be enforced by the computing device based on the security parameter.

Abstract: A device management system according to the present invention transmits, in response to an authentication request from a network device, verification data generated by the device management system and a whitelist including identification information corresponding to a user managed in association with the network device, receives a signature generated according to biometrics for a user on a portable terminal and the whitelist, via the network device, and, in a case where verification of the signature is successful, responds to the network device to permit login by the user of the terminal.

Abstract: A computing system includes an anonymizer server. The anonymizer server is communicatively coupled to a data repository configured to store a personal identification information (PII) data. The anonymizer server is configured to perform operations including receiving a repository configuration request comprising an anonymized data schema, and creating an anonymized data repository clone based on the anonymized data schema. The anonymizer server is also configured to perform operations including anonymizing the PII data to create an anonymized data by applying a one-way data masking, a one-way data morphing, or a combination thereof, and storing the anonymized data in the anonymized data repository clone.

Abstract: In particular embodiments, a data processing data inventory generation system is configured to: (1) generate a data model (e.g., a data inventory) for one or more data assets utilized by a particular organization; (2) generate a respective data inventory for each of the one or more data assets; and (3) map one or more relationships between one or more aspects of the data inventory, the one or more data assets, etc. within the data model. In particular embodiments, a data asset (e.g., data system, software application, etc.) may include, for example, any entity that collects, processes, contains, and/or transfers personal data (e.g., such as a software application, “internet of things” computerized device, database, website, data-center, server, etc.). The system may be configured to identify particular data assets and/or personal data in data repositories using any suitable intelligent identity scanning technique.

Abstract: An external biometric reader and verification device for providing access control to a computing device, and associated methods, are disclosed. The external reader can store and verify biometrics under the control of the computing device and send identity verification messages to the computing device. One disclosed device includes a biometric reader communicatively connected to an external secure microcontroller. The external secure microcontroller stores a set of biometric data and a signing key. The signing key can be injected by a device manufacturer in a controlled key injection room in a manufacturing facility and can be used to sign a certificate. An operating system of the computing device can be programmed to send a request for the certificate, receive the certificate, and predicate control of access to the operating system using the verification messages on verification of the certificate.

Abstract: A wireless network connection security method is disclosed, including: acquiring a type of a wireless network to which a mobile device is connected; determining that the type of the wireless network is insecure; monitoring an application, the application being installed on the mobile device; determining that the application is to be activated; and in response to the determination that the application is to be activated, establishing a secure communication channel between the mobile device and a first server.

Abstract: Multi-party consent to performance of an action is securely registered by receiving from at least one consent requesting entity (CRE) a consent action request (CAR), which is matched with a consent policy. The policy may specify a plurality of consent voting entities (CVE), and direct confirmation of registration of an identity of each CVE in a blockchain. A consent request (CR) may then be issued to the CVEs. Consent request responses (CRRs) from the CVEs are then compared with at least one condition in the consent policy. A representation of a state of the CRRs is relative to the consent policy is registered in the blockchain. If the policy condition(s) is satisfied, a subject entity may be signaled to perform the action corresponding to the CAR, and a state indication of performance of the action may also be registered in the blockchain.